Achieving Accountability in Cyberspace: Revolution or Evolution?
Abstract
Consider three scenarios, all based on actual incidents, and consider how violations in cyberspace have effects far beyond the actual incidents. Cross-domain Violation. During a crisis in the Arabian Gulf, a young Sailor working in an operations-intelligence cell on an aircraft carrier that is part of a U.S. Central Command (USCENTCOM) carrier strike group (CSG) is tasked to provide satellite imagery of a new base of operations used by the Iranian navy. The best imagery available is on an unclassified Web site. Due to the urgency of the situation, the Sailor disregards standard operating procedures for transferring data between networks and downloads the image to an unclassified thumb drive and inserts the thumb drive into a Secret Internet Protocol Router Network (SIPRNet) USB port to transfer the imagery in preparation for a briefing to the commander. Unfortunately, the thumb drive is infected with treacherous malware, which is subsequently transferred to the ship's classified and unclassified networks through this cross-domain violation. Within hours, the malware propagates throughout both networks and begins to beacon to a site known for its statesponsored cyberspace espionage activities. There is no choice but to shut down both the unclassified and the secret networks on the carrier, isolating it from the rest of the CSG and from higher headquarters ashore and leading to disastrous consequences for ongoing operations.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2014
- Accession Number
- ADA622252
Entities
People
- John N. Shanahan
Organizations
- National Defense University